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REMARKS 


This paper is responsive to the Non-Final Office Action dated November 21, 2003. 
Claims 1-41 were examined. Claims 1-41 were rejected. Claim 38 has been amended to 
correct grammar, and for no other reason substantially related to patentability and not to 
overcome any art. Applicant respectfully traverses all rejections. 


The Office Action indicates receipt of the replacement sheets with formal drawings 
submitted August 25, 2003, but there is no indication of whether the Examiner accepts or objects 
to the drawings. Applicant respectfully requests that acceptance of the aforementioned drawings 
be indicated in the next action. 


The Office Action rejects claims 1, 2, 6, 10, 13, 15 - 17, 24 - 29, and 36 under 35 U.S.C. 
§ 102(e) as being anticipated by U.S. Patent No. 6,094,657, granted to Hailpern et al. 
("Hailpern"). Applicant respectfully traverses all of these rejections. 

In addressing the §102 rejection, several initial points are relevant: 

1. Each of the rejected independent claims recite at least one limitation not disclosed or 
suggested by Hailpern. As a fundamental matter, a claim is anticipated only if each 
and every element as set forth in the claim is found, either expressly or inherently 
described, in a single prior art reference" (MPEP 2131 .01, quoting Verdegaal Bros, 
v. Union Oil Co. of California , 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 
1987)). For this reason alone, independent claims 1,17, 22, 24 and 27, together with 
all claims dependent therefrom, are all allowable. Details are provided below. 

2. In the present rejections, despite apparent specificity of reference to Hailpern, 
specific limitations of the claims are simply absent from the relied upon reference, 
Hailpern. With all due respect, the Office has grossly mischaracterized the scope and 
content of Hailpern in an attempt to dispose of applicant's claim limitations. In this 
regard, the Office's rejections are simply unsustainable. Details are provided below. 

3. Furthermore, for other limitations of Applicant's claims, no attempt has even been 
made to identify anticipatory disclosure. The Office has not identified or even argued 
that some elements are anticipated by Hailpern. The Office has simply ignored these 
elements, even to the extent of failing to explain how and why independent claim 24 
has been rejected. 


Preliminary Matters 
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Hailpern does not disclose "validating" 

Turning now to the specifics of the present rejection(s), Applicant notes that the Office 
Action cites sections of Hailpern that refer to HTTP requests and to the HTTP 1.1 specification. 
In particular, the Office states: 

Hailpern et al discloses validating a request message against a 
predefined request message specification (citing col. 4, lines 61-67). 

The Office does nothing more than refer to a section of Hailpern that refers to the HTTP 1.1 
specification. 

While HTTP requests may typically conform to a specification (e.g., HTTP 1.1), there is 
simply nothing in Hailpern that discloses or suggests validating, as in Applicant's claim 1 
language, "validating a request message encoded in a structured request 
language against a predefined request message specification therefor" or Other 
corresponding language (e.g., "validating," or "validates") in others of the rejected claims. 
For this reason alone, independent claims 1,17, 22, 24 and 27, together with claims dependent 
therefrom, are all allowable. 

Hailpern does not disclose "transmitting a validated request messase across the security 

barrier" 

The Office Action cites to sections of Hailpern that describe operation of server logic 
including a handler for received request messages. Unfortunately, the Office seems to 
misunderstand the cited sections. The Office states: 

Hailpern et al discloses transmitting the validated request message 
(citing col. 8, lines 24-63). 

The Office is, at best, misinformed. 

First off, as previously established, there is no validated request message. Second, the 
relied upon portion of Hailpern does not transmit a request message, validated or otherwise. 
Instead, it concerns actions performed on receipt of a request message by an HTTP request 
handler. Third, the Office conveniently ignores the rest of the claim language. Applicant's 
claim 1 actually recites "transmitting the validated request message across the 
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security barrier". Neither Hailpern nor any of the other art of record, discloses or suggests a 
security barrier employed as claimed. 

So to recap, the Office relies upon disclosure devoid of validation, transmission and a 
security barrier to dispose of Applicant's claim language. While the other rejected claims are of 
substantially differing scope, nothing in Hailpern discloses or suggests "transmitting" or 
"forwarding" a "validated request message" or "validated access request" of any sort 
across a "security barrier." For this reason alone, independent claims 1, 17, 22, 24 and 27, 
together with claims dependent therefrom, are all allowable. 

Additional claim elements simply not disclosed 

Ample grounds have been presented to support withdrawal of the rejections, however, at 
least the following additional assertions must be challenged. 

The Office Action incorrectly cites to the previously reviewed sections of Hailpern that 
describe operation of server logic including a handler for received request messages for two 
additional aspects of Applicant's claim 1 language. In particular, the Office states: 

Hailpern et al discloses validating a response message against a 
predefined response message specification {citing CO 1. 8, lines 24-63). 

and: 

Hailpern et al discloses that the response message corresponds to the 
validated request {again citing col. 8, lines 24-63). 

and finally: 

Hailpern et al discloses transmitting the validated response {citing 
col. 5, lines 16-25). 

As before, the Office is misinformed. Despite the Office's assertion to the contrary, there 
is simply no disclosure or suggestion of validating, of transmitting of a validated response, or 
of transmitting of a validated response across a security barrier. As for the assertion that 
Hailpern discloses correspondence between a response message and a validated request, it is 
simply not there. 
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The Office also ignores the following from Applicant's claim 17: "predefining a 
request message specification corresponding to a structured request language", 
and similar language in Applicant's claim 20. Hailpern does not disclose or suggest predefining 
a request message specification and the Office does not even attempt to address "predefining a 
request message specification" as claimed. 


For completeness, Applicant reviews language of independent claim 24 that has simply 

been ignored. The Office identifies claim 24 as being rejected under § 102(a), and identifies 

Hailpern. However, the Office does not provide any explanation, reasoning, or even a citation as 

a basis for rejecting claim 24, thus not providing any basis to understand the rejection or respond 

to the rejection. Claim 24 is as follows: 

An information security system comprising: 
security barrier; 

a proxy for an information resource , the proxy and the information 

resource on opposing first and second sides, respectively, of the 
security barrier; 

a data broker on the first side of the security barrier, wherein, in 

response to an access request targeting the information resource, 
the data broker validates a request message encoded in a 
structured request language against a predefined request message 
specification therefor and forwards only validated request 
messages across the security barrier. 

The Office does not identify any reference that discloses interaction between an information 
resource proxy, a security barrier, and a data broker, much less any reference that identifies the 
elements of claim 24. The Office Action and the relied upon prior art are void of any the 
elements of claim 24. 

With regard to claim 2, Hailpern does not disclose or suggest "the request and 
response message specifications are predefined in accordance with valid 
request and response message constraints specific to an information resource." 
The Office does nothing more than recite Applicant's claim language and refer to previous 
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arguments. There is no basis for the rejection. Applicant respectfully requests the Office 
identify the section of Hailpern that is the basis for the rejection of claim 2. 

With regard to claim 10, the Office cites a section of Hailpern that discloses a server that 
invokes an HTTP request handler (col. 8, lines 24 - 38) and that discloses the server invoking 
compound document request handlers updating a compound document database (col. 8, lines 39 

-63). Nothing in Hailpern discloses or suggests "wherein the request and the response 
message validatings are respectively performed at first and second secure 
data brokers on opposing sides of the security barrier; and wherein the 
validated request and response message transmissions are between the first 

and second secure data brokers" as in claim 10. 

With regard to claim 25, the Office cites a section of Hailpern that discloses META-tags 
and the Recreational Software Advisory Council (RSAC) rating system. Neither the cited 
section nor any other section of Hailpern discloses or suggests "a second data broker on 
the second side of the security barrier, wherein, in response to an access 
targeting the information resource, the second data broker validates a 
response message against a predefined response message specification and 

forwards only validated response messages across the security barrier" as in 

claim 25. 

Hailpern does not disclose or suggest any of Applicant's claims. For at least the reasons 
given above, Applicant respectfully submits that Applicant's independent claims 1,17, 24, and 
27 are allowable over the indicated prior art. The claims 2 - 16, 18 - 21, 25 - 26, 28 - 29, and 
36-41 depend on corresponding ones of the above allowable independent claims and are 
allowable at least for the reasons given above. 

Rejections under 35 U.S.C. $103 fa) 

For completeness, Applicant traverses the §103 rejections, including those for 
independent claim 30. 

The Office Action rejects claim 3 under 35 U.S.C. § 103(a) as being unpatentable over 
Hailpern in view of "Applied Cryptography" by Bruce Schneier ("Schneier"). The Office 
Action rejects claims 4, 5, 7 - 9, 14, and 18 - 23, 37, and 39 - 41 under 35 U.S.C. §103(a) as 
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being unpatentable over Hailpern in view of U.S. Patent No. 5,870,549, granted to Bobo II 
("Bobo IF). The Office Action rejects dependent claims 1 1 and 12 under 35 U.S.C. § 103(a) as 
being unpatentable over Hailpern in view of U.S. Patent No. 5,905,856, granted to Ottensooser 
("Ottensooser' 9 ). The Office Action rejects claims 30 - 33, and 35 under 35 U.S.C. §103(a) as 
being unpatentable over U.S. Patent 5,710,889, granted to Clark, et al. ("Clark?') in view of U.S. 
Patent No. 5,602,918, granted to Chen, et al. ("Chen"). The Office Action also rejects claim 34 
under 35 U.S.C. § 103(a) as being unpatentable over Clark in view of Chen, and further in view 
of Bobo II. Applicant respectfully traverses all of these rejections. 

The Office has mischaracterized the references relied upon for its §103 rejections, and as 
with the §102 rejections makes erroneous assumptions to provide a basis for the rejections, for 
those few rejections that provide a basis. 

Hailpern and Bobo II 

As previously stated, Hailpern does not disclose or suggest Applicant's claimed 
invention. The combination of Hailpern and Bobo II still does not disclose or suggest 
Applicant's claimed invention. The Office characterizes Bobo II as disclosing "translation of 
messages into XML format (Office Action, page 5), and proposes utilization of Bobo II as 
disclosing formatting request and response messages in a structured language corresponding to a 
message specification. However, such a characterization of Bobo //exceeds the actual 
disclosure of Bobo II. The Bobo //reference discloses a message storage and deliver system that 
translates voice messages and facsimiles into hypertext markup language files (Abstract) or 
XML. The Office Action assumes that translating voice messages and facsimiles into a markup 
language format is formatting a response or request in accordance with a structured request or 
response language. Bobo II discloses receiving requests for files or messages, but never 
describes or suggests formatting the requests in accordance with a structured request language. 
Even if translating and formatting were equivalent, which they are not, Bobo //never discloses 
translating requests. Attempting to equate translating and formatting as done by the Office 
suggests that Bobo //could translate its requests as it translates voice messages and facsimile 
data, but such a translation of requests would cause an unintended result. More specifically, 

Bobo //does not teach or suggest "formatting a response to an access request 
targeting the information resource, the formatted response being in 
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accordance with the structured response language" as found in independent claim 22 
and formatting the request message in a structured language corresponding to the request 
message specification as in claims 7-9 and 20. 

As discussed above for claim 17, Hailpern does not disclose or suggest predefining a 
message specification. Bobo //also does not disclose or suggest "predefining a response 
message specification corresponding to a structured response language" as in 
claim 20. Hence, the combination of Hailpern and Bobo //does not disclose or suggest 
Applicant's claim 20. 

Hailpern and Ottensooser 

The Office cites sections of the Ottensooser reference that disclose a script definition 
language (SDL) parser and a Plan parser (col. 7, lines 53 - 63). The Ottensooser reference 
discloses the SDL parser loading System Static Tables and checking a script definition file 
before loading Script Definition Tables to be used by the Plan parser (col. 7, lines 54 - 55). The 
Plan parser of the Ottensooser reference uses the Script Definition Tables and the System Static 
Tables to validate a plan (col. 7, lines 59 - 61). The Ottensooser reference does not teach or 

Suggest "parsing the request message using Data Type Definitions (DTDs) 
encoding a hierarchy of valid tag-value pairs in accordance with syntax of a 
valid request message; and if the request message is not successfully parsed, 
forwarding a response message without transmission of the request message 

across the security barrier" as found in claim 1 1 and "parsing the response message 
using Data Type Definitions (DTDs) encoding a hierarchy of tag-value pairs in 
accordance with syntax of a valid response message" as found in claim 12. In 
addition, claims 1 1 and 12 are dependent on the allowable independent claim 1. 

Clark and Chen 

The Clark reference discloses "an interface device for electronically integrating a 
plurality of financial services provided at different geographical locations. . .and delivering such 
services directly to a customer facility at any time requested by the customer" (Abstract). The 
Clark reference discloses the interface device processing transaction instruction messages (TI) 
from customers. "The header and main body portions of the messages are in a structured format, 
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either adhering to industry standards (e.g., message formatting standards managed by the Society 
for Worldwide Interbank Financial Telecommunications ("S.W.LF.T.")), or meeting 
administrative requirements of the delivery system" (col. 7, line 63 - col. 8, line 2). The global 
interface device of the Clark reference "receives the message. . .and then validates the 
construction of the message. ..." (col. 10, lines 19 - 24). 

However, the Clark reference does not teach or suggest "parser code including 
instructions executable as a first instance thereof to validate the received 
access requests against the predefined request message specif icat ion" as found 
in claim 30. The TI messages disclosed in the Clark reference are specifically described as 
containing "a series of defined data elements that identify the customer, user, location, branch, 
account, message type, date, time, and so forth" (col. 7, lines 56 - 58). An access request is not a 
TI message, although an access request can contain a TI message. Even if a TI message is 
similar to an access request, which it is not, the functionality performed by the global interface 
device as disclosed in the Clark reference is not similar to the functionality claimed by 
Applicant. 

In addition to not teaching or suggesting Applicant's above quoted claim limitation, the 

Office admits that the Clark reference does not teach or suggest "data broker code 
including instructions executable as a first instance thereof to... forward 
validated ones of the access requests across the security barrier toward the 

information resource" as found in claim 30. The Office attempts to combine Clark with 
Chen to overcome this deficiency. 

The Office Action attempts to achieve Applicant's claimed invention by modifying Clark 
in view of Chen in a conclusive fashion. The Office assumes the obviousness of adding a 
firewall between "the first network server and the information source" (Office Action, page 8). 
The Office identifies Clark's repository as the information source. Without guidance from the 
Office, Applicant presumes that the Office considers Clark's communication server of Figure 29 
as the first network server. Clark's repository is located between two global 
telecommunication's networks in Figures 1 and 29. Inserting a firewall between Clark's 
repository and communication server does not disclose or suggest Applicant's above quoted 
claim limitations. Furthermore, there is no suggestion or motivation to modify or combine Clark 
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with Chen, The Office offers, as a basis for inserting a firewall in Clark, a brief statement from 
Chen's background that includes the term firewall. 

With regard to claim 34, the Office Action combines Bobo //with the Clark-Chen 
combination in an attempt to achieve Applicant's claim 34. As already stated, the Clark-Chen 
combination does not disclose or suggest Applicant's claim 30, nor any other claim. As 
explained above with reference to claims 7-9 and 20, Bobo //does not disclose or suggest 

"instructions executable to format the access requests in accordance with the 
structured language corresponding to the predefined request message 
specification" as in claim 34. 

Neither Hailpern, Schneier, Clark, Ottensooser, Chen, nor Bobo II, standing alone or in 
combination, teach or suggest Applicant's claimed invention. For at least the reasons stated 
above, Applicant respectfully submits that Applicant's independent claims 22 and 30 and 
dependents therefrom are also allowable. Applicant respectfully submits that all of the 
dependent claims are allowable for at least the reasons discussed above. 


Independent claims 1,17, 22, 24 and 27, together with claims dependent therefrom, are 
all allowable over Hailpern and the other art of record. Applicant respectfully requests that the 
present rejections be immediately withdrawn and that all claims be indicated as allowable. 
Given the substantial disconnect between the Office's assertions as to content of relied upon 
references and actual content thereof, it is simply impractical to challenge each 
mischaracterization. Accordingly, Applicant does not acquiesce in the Office's characterization 
of the relied upon references. Instead, Applicant points to the mischaracterizations made in 
support of the Office's §102 rejections as suggestive of a general lack of correspondence 
between asserted and actual disclosure. 

In summary, claims 1 - 41 are in the case. All claims are believed to be allowable over 
the art of record, and a Notice of Allowance to that effect is respectfully solicited. Nonetheless, 
if any issues remain that could be more efficiently handled by telephone, the Examiner is 
requested to call the undersigned at the number listed below. 


Conclusion 
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CERTIFICATE OF MAILING OR TRANSMISSION 

I hereby certify that, on the date shown below, this 
correspondence is being 

SI deposited with the US Postal Service with sufficient postage 
as first class mail, in an envelope addressed to Commissioner 
for Patents, P.O. Box 1450, Alexandria, VA 22313-1450. 

□ facsimile transmitted to the US Patent and Trademark Office. 


Steven R. Gilliam 


Date 


EXPRESS MAIL LABEL: 


Respectfully submitted, 



Steven R. Gilliam, Reg. No. 51,734 
Attorney for Applicant(s) 
(512)338-6320 
(512)338-6301 (fax) 
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